Note: This is an archival copy of Security Sun Alert 257331 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com
as Sun Alert 1020388.1.

Security Vulnerability in OpenSolaris SCTP Sockets May Allow Unprivileged Users to Panic the System

CategorySecurity

Release PhaseResolved

Bug Id
6796351

ProductOpenSolaris

Date of Resolved Release20-Apr-2009

Security Vulnerability in OpenSolaris SCTP Sockets May Allow Unprivileged Users to Panic the System

1. Impact

Due to a security vulnerability in SCTP sockets, OpenSolaris systems may
allow an unprivileged local user to panic the system and thereby cause a
denial of service (DoS).

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

OpenSolaris based upon builds snv_106 through snv_107

x86 Platform

OpenSolaris based upon builds snv_106 through snv_107

Notes: OpenSolaris distributions may include additional bug fixes above and
beyond the build from which it was derived. The base build can be derived as follows:

$ uname -v
snv_86

Solaris 8, 9 and 10 are not impacted by this issue.

3. Symptoms

If this issue is exploited to cause a denial of service, the kernel panics
and the lower part of the stack trace would be similar to the one below. The
key identifying features of the panic is the presence of "sosctp_close()"
and "sctp_sack()" in the stack trace.